oauth2: always delete the temp document on a POST (#22717)

2018-03-21 21:02:30 +01:00 · 2018-03-21 21:02:30 +01:00 · d5608c7478
parent 114e474d4c
commit d5608c7478
1 changed files with 11 additions and 9 deletions
--- a/fargo/oauth2/views.py
+++ b/fargo/oauth2/views.py
@ -204,13 +204,15 @@ class OAuth2AuthorizePutView(TemplateView):

    def post(self, request, *args, **kwargs):
        oauth2_document = OAuth2TempFile.objects.get(pk=kwargs['pk'])
-        if 'cancel' in request.POST:
-            error = urllib.urlencode({'error': 'access_denied'})
-            oauth2_document.delete()
-            uri = request.session['redirect_uri'] + '?' + error
-            return HttpResponseRedirect(uri)
+        try:
+            if 'cancel' in request.POST:
+                error = urllib.urlencode({'error': 'access_denied'})
+                uri = request.session['redirect_uri'] + '?' + error
+                return HttpResponseRedirect(uri)

-        UserDocument.objects.create(
-            user=request.user, document=oauth2_document.document,
-            filename=oauth2_document.filename)
-        return HttpResponseRedirect(request.session['redirect_uri'])
+            UserDocument.objects.create(
+                user=request.user, document=oauth2_document.document,
+                filename=oauth2_document.filename)
+            return HttpResponseRedirect(request.session['redirect_uri'])
+        finally:
+            oauth2_document.delete()